import { createSign, createVerify } from 'crypto'
import { Request } from 'express'
import { cloneDeep } from 'lodash'
+import { sha256 } from '@shared/extra-utils'
import { BCRYPT_SALT_SIZE, HTTP_SIGNATURE, PRIVATE_RSA_KEY_SIZE } from '../initializers/constants'
import { MActor } from '../types/models'
-import { sha256 } from '@shared/core-utils/crypto'
import { createPrivateKey, getPublicKey, promisify1, promisify2 } from './core-utils'
import { jsonld } from './custom-jsonld-signature'
import { logger } from './logger'
}
function parseHTTPSignature (req: Request, clockSkew?: number) {
- const headers = req.method === 'POST'
- ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
- : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+ const requiredHeaders = req.method === 'POST'
+ ? [ '(request-target)', 'host', 'digest' ]
+ : [ '(request-target)', 'host' ]
- return httpSignature.parse(req, { clockSkew, headers })
+ const parsed = httpSignature.parse(req, { clockSkew, headers: requiredHeaders })
+
+ const parsedHeaders = parsed.params.headers
+ if (!parsedHeaders.includes('date') && !parsedHeaders.includes('(created)')) {
+ throw new Error(`date or (created) must be included in signature`)
+ }
+
+ return parsed
}
// JSONLD